the description:
filed with the letter of .

the sequence listing part of the description:
pages NONE
filed with the letter of .



2. With regard to the language, all the elements marked above were available or furnished to this Authority in the language in which
the international application was filed, unless otherwise indicated under this item.

These elements were available or furnished to this Authority in the following language which is: 

□ the language of a translation furnished for the purposes of international search (under Rule 23.1(b)).
□ the language of publication of the international application (under Rule 48.3(b)).

□ the language of the translation furnished for the purposes of international preliminary examination (under Rules 55.2 and/
or 55.3).

3. With regard to any nucleotide and/or amino acid sequence disclosed in the international application, the international 
preliminary examination was carried out on the basis of the sequence listing: 

□ contained in the international application in printed form. 

□ filed together with the international application in computer readable form.

□ furnished subsequently to this Authority in written form.

□ furnished subsequently to this Authority in computer readable form.

□ The statement that the subsequently furnished written sequence listing does not go beyond the disclosure in the
international application as filed has been furnished.

□ The statement that the information recorded in computer readable form is identical to the written sequence listing has
been furnished.

4. [x] The amendments have resulted in the cancellation of:

[x] the description, pages NONE

[x] the claims, Nos. NONE

[x] the drawings, sheets/fig NONE



5. [x] This report has been drawn as if (some of) the amendments had not been made, since they have been considered to go
beyond the disclosure as filed, as indicated in the Supplemental Box (Rule 70.2(c)).**

* Replacement sheets which have been furnished to the receiving Office in response to an invitation under Article 14 are referred to
in this report as "originally filed" and are not annexed to this report since they do not contain amendments (Rules 70.16
and 70.17).

** Any replacement sheet containing such amendments must be referred to under item 1 and annexed to this report.
V. Reasoned statement under Article 35(2) with regard to novelty, inventive step or industrial applicability;
citations and explanations supporting such statement



1. Statement

Novelty (N)                     Claims 2-5, 7-10, 12-14   YES
                                Claims 1, 6, 11           NO

Inventive Step (IS)             Claims NONE               YES
                                Claims 1-14               NO

Industrial Applicability (IA)   Claims 1-14               YES
                                Claims NONE               NO



2. citations and explanations (Rule 70.7) 

Claims 1, 6, and 11 lack novelty under PCT Article 33(2) as being anticipated by WOBBER et al. WOBBER teaches a system
in which shared key encryption is used to communicate data securely between computers (col. 2, line 67 to col. 3, lines 62; col.
5 lines 21-34; col. 6, lines 40-62).

Claims 1, 6, and 11 lack novelty under PCT Article 33(2) as being anticipated by LENNON et al. LENNON teaches a
communication system in which communicated data is encrypted and decrypted using a common operational key (col. 19, lines
44-62; col. 24, lines 23-37).

Claims 1, 6, and 11 lack novelty under PCT Article 33(2) as being anticipated by DIFFIE et al. DIFFIE teaches a 
communication system in which data privacy is enforced by the use of shared key cryptography (col. 5, line 60 to col. 6, line 
39). 

Claim 3 lacks an inventive step under PCT Article 33(3) as being obvious over WOBBER et al. It would have been obvious 
to one of ordinary skill in the art at the time the invention was made that symmetric key encryption and decryption could 
have been used to advantage in the WOBBER invention, because these methods would have been widely known to those 
skilled in the data security art to be effective in securing data. 

Claims 4 and 5 lack an inventive step under PCT Article 33(3) as being obvious over WOBBER et al. It would have been 
obvious to one of ordinary skill in the art at the time the invention was made that a "web server engine" could have been 
used to send and receive all types of data, including encrypted data, between client and server nodes in the WOBBER 
invention, because web servers were in common use in many network systems.

Claims 2, 7, and 12 lack an inventive step under PCT Article 33(3) as being obvious over WOBBER et al. in view of
LINEHAN et al. WOBBER teaches a shared key encryption system used to communicate data between systems. WOBBER
does not explicitly teach that data stored on a server system is encrypted with a (Continued on Supplemental Sheet.)
Supplemental Box
Continuation of: Boxes I - VIII



Sheet 10 



I. BASIS OF REPORT: 

5. (Some) amendments are considered to go beyond the disclosure as filed: 
NONE 



V. 2. REASONED STATEMENTS - CITATIONS AND EXPLANATIONS (Continued): 

private server key. LINEHAN teaches a system in which personal keys are used to encrypt the server data files of different
clients in order to provide increased data security (col. 7, lines 39-64). It would have been obvious to one of ordinary skill in 
the art at the time the invention was made to combine the teachings of LINEHAN with the teachings of WOBBER because a 
combined system would have had improved data security. 

Claims 8 and 13 lack an inventive step under PCT Article 33(3) as being obvious over the prior art as applied in the 
immediately preceding paragraph and further in view of ROSS, Jr. The WOBBER/LINEHAN combination does not explicitly
teach that data is encrypted with a second user's key before data is sent to a second user. ROSS teaches a cryptographic 
communications system in which data to be communicated to a client system is encrypted with that client's private key before 
the data is transmitted (col. 1, line 31 to col. 3, line 23). It would have been obvious to one of ordinary skill in the art at the 
time the invention was made that the teachings of ROSS could have been advantageously combined with the teachings of 
WOBBER and LINEHAN, thus allowing the WOBBER/LINEHAN system to function with increased security. 

Claim 9 lacks an inventive step under PCT Article 33(3) as being obvious over the prior art as applied in the immediately 
preceding paragraph. The WOBBER/LINEHAN/ROSS combination does not explicitly teach that encrypted data sent to a 
second user can only be viewed on a computer screen by the second user. It would have been obvious to one of ordinary skill 
in the art at the time the invention was made that only a user who possessed the second user's private key can view data 
encrypted by that key. 

Claims 10 and 14 lack an inventive step under PCT Article 33(3) as being obvious over WOBBER et al. WOBBER does not 
explicitly teach that data is processed according to user instructions. It would have been obvious to one of ordinary skill in the 
art at the time the invention was made that server systems are general purpose computers that could be programmed to 
perform individual actions based on client requests, and that this would increase the usefulness and flexibility of the server 
system to clients. 
US 5,812,671 A (ROSS, Jr.) 22 SEPTEMBER 1998
US 5,371,794 A (DIFFIE et al.) 06 DECEMBER 1994
US 5,495,533 A (LINEHAN et al.) 27 FEBRUARY 1996



- NEW CITATIONS 



Form PCT/IPEA/409 (Supplemental Box) (July 1998)* 



WORLD INTELLECTUAL PROPERTY ORGANIZATION 
International Bureau 




PCT

INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT)

(51) International Patent Classification: H04L 9/00    A1

(11) International Publication Number: WO 00/22773

(43) International Publication Date: 20 April 2000 (20.04.00)



(21) International Application Number: PCT/US99/24142 

(22) International Filing Date: 14 October 1999 (14.10.99)

(30) Priority Data:
60/104,270    14 October 1998 (14.10.98)    US



(71) Applicant (for all designated States except US): ULTRA
INFORMATION SYSTEMS LLC [US/US]; Suite 200, 4984
El Camino Real, Los Altos, CA 94022 (US).

(72) Inventor; and

(75) Inventor/Applicant (for US only): SPRAGGS, Lynn [CA/CA];
8604 Kalavista Drive, Vernon, British Columbia V1B 1K3
(CA).

(74) Agents: TOCZYCKI, Robert et al.; Carr & Ferrell LLP, Suite
200, 2225 East Bayshore Road, Palo Alto, CA 94303 (US).



(81) Designated States: AE, AL, AM, AT, AU, AZ, BA, BB, BG,
BR, BY, CA, CH, CN, CR, CU, CZ, DE, DK, DM, EE,
ES, FI, GB, GD, GE, GH, GM, HR, HU, ID, IL, IN, IS, JP,
KE, KG, KP, KR, KZ, LC, LK, LR, LS, LT, LU, LV, MD,
MG, MK, MN, MW, MX, NO, NZ, PL, PT, RO, RU, SD,
SE, SG, SI, SK, SL, TJ, TM, TO, TT, TZ, UA, UG, US,
UZ, VN, YU, ZA, ZW, ARIPO patent (GH, GM, KE, LS,
MW, SD, SL, SZ, TZ, UG, ZW), Eurasian patent (AM, AZ,
BY, KG, KZ, MD, RU, TJ, TM), European patent (AT, BE,
CH, CY, DE, DK, ES, FI, FR, GB, GR, IE, IT, LU, MC,
NL, PT, SE), OAPI patent (BF, BJ, CF, CG, CI, CM, GA,
GN, GW, ML, MR, NE, SN, TD, TG).



Published 

With international search report. 

Before the expiration of the time limit for amending the 
claims and to be republished in the event of the receipt of 
amendments. 



(54) Title: SYSTEM AND METHOD OF SENDING AND RECEIVING SECURE DATA WITH A SHARED KEY



(57) Abstract 

A server computer (100) sends and receives
secure data provided by authorized users (102,
104). The data is secured by encrypting (608) and
decrypting (610) the data with a key that is shared
between the users and the server computer. As the
server computer receives a user's encrypted data,
the server computer decrypts the data using the
user's shared key (304) stored in a database on the
server. The server computer can then process the
data according to the user's instructions; this could
include securely storing the data for retrieval by
another user (614), processing the data, and/or
securely sending the data to a second user by
encrypting the data with the user's shared key
(708).
DETAILED ACTION



EXAMINER'S AMENDMENT 

An examiner's amendment to the record appears below. Should the changes 
and/or additions be unacceptable to applicant, an amendment may be filed as provided 
by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be 
submitted no later than the payment of the issue fee. 

Authorization for this examiner's amendment was given in a telephone interview 
with Mr. Lynn Spraggs on September 17, 2004. 

The application has been amended as follows: 

IN THE CLAIMS. 
/ 1/^ (New) A system for using a shared key to transmit secure data between a client and
a server, the system comprising:

an encrypt/decrypt engine for using the shared key to encrypt or decrypt data,
the encrypt/decrypt engine being configured for delivery via a web page to a client in
response to a user request and further configured to encrypt data independently of an
identity of the physical client;

wherein the server includes a user private keys database configured to store the
shared key, [[.]] [[And]] and wherein, it is possible for the client and the server to reside on
the same physical computing device, [[.]] [[And when]] and where the shared key is
derived from the user's authentication data, and the derived shared key is used for
encrypting all data.

P-jfe. (Previously) The system of claim wherein the shared key is a user's private key
entered by a user into the web page.

3 (Previously) The system of claim )^ further comprising a secure data database
configured to store data received from the client and, upon the completion of a
processing step, to deliver the stored data in an encrypted format to the client or to
another client.

(Previously) The system of claim ^^ further comprising a secure data database 
configured to store data received from the client and, upon receipt of a request for the 
data, to deliver the stored data in an encrypted format to the client or to another client. 

. (New) The system of claim 1/6 wherein the shared key is transmitted between the
server and the client as few as zero times and the shared key is transmitted between
the server and the user as few as one time, [[.]] [[The]] the key is not sent for
authentication purposes, rather the effect of the key in the encryption process is sent,
[[.]] [[Consequently,]] consequently, the shared key does not need to be retransmitted
once it has been established.

^ (Previously) The system of claim^ wherein the shared key is a user's private key
entered by a user.

(Previously) The system of claim ^ wherein the client encrypt/decrypt engine is
installed on the client.
(New) A system for using a shared key in transmitting secure data between a client
and a server, the system comprising:

an encrypt/decrypt engine for using, the shared key, in encrypting data, the
encrypt/decrypt engine being configured to encrypt data independently of an identity of
the client;

and a user private keys database located on the server and configured to store
the shared key, the shared key being the private key of a user, [[.]] [[And when]] and
where the shared key is derived from the user's authentication data, and the derived
shared key is used for encrypting all data.

. (New) The system of claim ^ wherein the server is configured to decrypt encrypted
data received from the client using the shared key and to use a private server key,
known only by the server, to re-encrypt the decrypted data.

(New) The system of claim 3*3 further comprising a secure data database configured
to store the encrypted data received from the client and re-encrypted by the server and
to deliver the stored data to the client or to another client; the delivered data, after the
completion of a processing step, being encrypted with the shared user key or with
another shared user key, [[.]] [[And when]] and where the shared key is derived from the
user's authentication data, and the derived shared key is used for encrypting all data.

. (New) The system of claim 23 further comprising a secure data database configured 
to store the encrypted data received from the client and re-encrypted by the server and 
to deliver the stored data to the client or to another client; the delivered data being, upon 
receipt of a request for the data, encrypted with the shared user key or with another 



Application/Control Number: 09/554,419 Page 5 

Art Unit: 2137 

shared user key, where the shared key is derived from the user's authentication data,
and the derived shared key is used for encrypting all data.

1*^^. (Previously) The system of claim 2^ wherein the request is from the user. 

(Previously) The system of claim ^wherein the request is from an other user. 

I (New) A system for using a shared key in transmitting secure data between a client 
and a server, the system comprising: 

an encrypt/decrypt engine for using the shared key entered by a user to encrypt 
data entered by the user, the encrypt/decrypt engine being configured such that all data
entered by the user and stored on the client is stored in encrypted form, and further
configured to encrypt data independently of an identity of the physical client: the shared
key entry being the responsibility of the user and not the client: the server including a
user private keys database configured to store the shared key, the shared key being a
private key of a user; and not a physical client and, [[when]] where the shared key is
derived from the user's authentication data and the derived shared key is used for 
encrypting all data. 

Tp. (Previously) The system of claim 28, wherein the encrypt/decrypt engine uses a 
symmetric key encryption/decryption algorithm for encrypting and decrypting data. 

. (Previously) The system of claim 28, further including a web server engine 
configured for the user to securely send or receive data from the client to the server. 

. (New) A method for using a shared key in receiving secure data on a server, 
comprising the steps of: 
delivering from a server to a client a web page including an encrypt/decrypt
engine; encrypting data on the client using the encrypt/decrypt engine and a shared key
entered by a user of the client, the shared key being shared between the user and the
server;

delivering the encrypted data from the client to the server; [[when]] where the shared key
is derived from the user's authentication data and the derived shared key is used for
encrypting all data: receiving the encrypted data at the server; decrypting the encrypted
data at the server using the shared
key; and processing the decrypted data, [[when]] where the shared key is derived from the
user's authentication data and the derived shared key is used for encrypting all data.
p. (Previously) The method of claim f\ , wherein the step of processing the decrypted 
data includes the steps of: encrypting the decrypted data with a private server key; and 
storing the encrypted data in a database. 

3Q. (Previously) The method of claim wherein the step of processing the decrypted 
data includes the steps of: re-encrypting the data with an other user's private key shared 
between the other user and the server; and sending the re-encrypted data to the other 
user. 

7ft. (Previously) The method of claim ^ , wherein the step of processing the decrypted 
data includes the steps of: decrypting the encrypted data with the private server key; 
re-encrypting the data with a second user's key shared between the second user and 
the server; and sending the re-encrypted data to the second user. 



^^5. (Previously) The method of claim 34, wherein the step of processing the decrypted
data includes the steps of: processing the data according to an instruction of the user;
re-encrypting the processed data using the user's shared key; and sending the
re-encrypted processed data to the user.

. (Previously) The method of claim ^, wherein the step of processing the decrypted
data includes storing the decrypted data in a secure database.

37. (New) A computer-readable medium comprising program instructions for causing a
computer system to use a shared key in receiving secure data at a server, by the steps
of:

delivering a web page from the server to a client, the web page including an
encrypt/decrypt engine and being configured to use the encrypt/decrypt engine and a
shared key entered by a user of the client to encrypt data on the client; the shared key
being shared between the user and the server; receiving the encrypted data at the
server; decrypting the encrypted data using the shared key; and processing the
decrypted data [[and when]] where the shared key is derived from the user's
authentication data and the derived shared key is used for encrypting all data.

(New) A computer-readable medium comprising program instructions for causing a
computer system to receive secure data on a server using a shared key, by the steps
of: delivering an encrypt/decrypt engine from the server to a client, the encrypt/decrypt
engine being configured to use a shared key entered by a user of the client to encrypt
data on the client, the shared key being shared between the user and the server and
the encryption being independent of an identity of the physical client; receiving the
encrypted data at the server; decrypting the encrypted data using the shared key; and
processing the decrypted data, [[when]] where the shared key is derived from the user's
authentication data and the derived shared key is used for encrypting all data.

(Previously) The computer readable medium of claim 3^, further comprising
program instructions for causing the processed decrypted data to be re-encrypted using
a private server key.

(Previously) The computer-readable medium of claim 3e, further comprising 
program instructions for causing the processed decrypted data to be stored in a secure 
database. 

^ f\. (Previously) The computer-readable medium of claim wherein processing the 
decrypted data includes the steps of: re-encrypting the data with the private server key; 
storing the re-encrypted data; decrypting the stored data with the private server key; 
encrypting the data with a second user's key shared between the second user and the
server; and sending the encrypted data to the second user. 

. (Previously) The computer-readable medium of claim p6 wherein processing the 
decrypted data includes the steps of: processing the data according to an instruction of 
the user; encrypting the processed data using a shared key; and sending the encrypted 
processed data to the user or to another user. 

(New) A method of using a shared key in transmitting secure data between a client
and a server using a shared key, comprising the steps of: encrypting data using the
shared key with an encrypt/decrypt engine configured to encrypt data independently of
an identity of the client, the shared key being entered by a user of the client; delivering
the encrypted data from the client to the server; receiving the encrypted data at the
server; decrypting the encrypted data, at the server using the shared key, the shared
key being stored in a user private keys database; and processing the decrypted data,
[[when]] where the shared key is derived from the user's authentication data and the
derived shared key is used for encrypting all data.

(Previously) The method of claim 4^, wherein processing the decrypted data
includes the steps of: encrypting the decrypted data with a private server key; and
storing the encrypted data, in a database.

4|5. (Previously) The method of claim Ap, wherein the step of processing the decrypted 
data includes the steps of: encrypting the data with an other user's private key shared 
between the other user and the server; and sending the encrypted data to the other 
user. 

(Previously) The method of claim ^, wherein the step of processing the decrypted
data includes the steps of: decrypting the re-encrypted data with the private server key;
encrypting the data with a second user's key shared between the second user and the
server; and sending the encrypted data to the second user.

(Previously) The method of claim wherein the step of processing the decrypted
data includes the steps of: processing the data according to an instruction of the user;
re-encrypting the processed data using the user's shared key; and sending the
re-encrypted processed data to the user.



Allowable Subject Matter 
The following is an examiner's statement of reasons for allowance: The present
invention is directed to a system for secure transfer of data between a client and a
server. Each independent claim identifies the uniquely distinct feature "of an
encrypt/decrypt engine using a key shared between the client and server where the
shared key is derived from the user's authentication data and the derived shared key is
used for encrypting all data." The prior art, Laursen et al. (US 6,065,120), which discloses a
conventional security system between a client and server, either singularly or in
combination, fails to anticipate or render the claimed limitation obvious.

Any comments considered necessary by applicant must be submitted no later 
than the payment of the issue fee and, to avoid processing delays, should preferably 
accompany the issue fee. Such submissions should be clearly labeled "Comments on 
Statement of Reasons for Allowance." 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Matthew B Smithers whose telephone number is (703) 
308-9293. The examiner can normally be reached on Monday-Friday (9:00-5:30) EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Andrew T Caldwell can be reached on (703) 306-3036. The fax phone 
number for the organization where this application or proceeding is assigned is
703-872-9306.
Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 